Privacy notice

How we collect, store, use and protect personal information.

PrivacyNotice - Desktop2x - compressed

* Updated 5 November 2024

This privacy notice is about how Capitec Bank Holdings (“Capitec Group”), as a responsible party, handles your personal information. It covers the Capitec Group, its employees, contractors or authorised agents acting on the behalf of Capitec, its subsidiaries, or any third party and partners with whom we have contracted. It explains: what type of information we collect about you, how we use that information, who we may share it with, the circumstances under which we may share it, and how we will keep your personal information private and secure.

This privacy notice applies to you if you are:

  • A visitor to our website or a user of any Capitec Mobile App or Remote Banking Site.
  • A prospective client who has applied to use the products and services offered by us, either directly with us or through a partner of Capitec.
  • An existing client who uses the products and services that we provide.
  • An existing or potential employee of the Capitec Group, including its subsidiaries.
  • A natural or juristic person whose personal information we process to provide you with products and services, e.g. contractors or authorised agents, vendors, approved partners or suppliers.
  • A natural or juristic person whose personal information you have provided to us for the purposes of using a product or service e.g. your spouse, dependants, beneficiaries and lives assured, where applicable.
  • A natural or juristic person whose personal information you have provided to us for the delivery of products e.g. vehicle license documents or electronic devices.
  • A natural person whose personal information we process during the Capitec Financial Education program.
  • A natural or juristic person whose personal information we may have obtained from the public domain (e.g. social media sites in the public domain or from a public record).

Personal information means information, in any format, that can identify a living natural person or, where applicable, an existing juristic person.

Personal information excludes:

  • Statistical Information: de-identified information that we collect and compile for statistical purposes.
  • Aggregate Information: Information in aggregated form that does not identify you.
  • De-identified Information: Information that has been permanently altered to remove any identifiable information so that it cannot be traced back to you.

We will collect your personal information under these circumstances or conditions:

  • You visit our website or use any Capitec Mobile App or Remote Banking Site.
  • You apply for a bank account, take out an insurance policy, or use any of our products or services.
  • You register or apply for a Capitec Career through our recruitment channels.
  • You register to use the Capitec Money Up Academy.
  • We communicate with you and to act on your instructions when you contact us by phone, WhatsApp, email or social media.
  • You voluntarily supply us with optional information e.g. Email addresses, opinions, alternative contact details.
  • You perform transactions on your account, we will collect your transaction history and transacting activities.
  • You use our products and services or engage with us and we establish personal preferences or behavioural trends about you.

Each Capitec entity may also collect your personal information from other entities within the Capitec Group or from partners or affiliates of Capitec with whom the Capitec Group conducts business.

When you provide us with the personal information of other people (like dependents, beneficiaries, or lives assured), you confirm that you have their permission, where applicable, to share this information with us for the purposes outlined in this privacy notice. You also agree to indemnify us from any loss or damage that might occur if you share a third party’s information without the necessary consent or proper authorisation.

If you have an employment application, we may gather additional information about you from various sources. This could include public records, career platforms, social media, and other third parties. For instance, we might obtain insights from your professional or academic references, such as previous employers or educational institutions, as well as through third-party pre-employment background checks.

We will only collect your information in line with relevant regulations and laws. The information we collect, and process could include:

  • Personal details, for example, your name and surname, previous names and surnames, gender, date of birth, and occupation.
  • Information concerning your identity, for example, an identification number such as your South African ID number, Passport number, Tax Identification number.
  • Contact details, for example, your home/work/postal/email addresses and telephone numbers.
  • Biometric information linked to your account, for example, photographic identification and biometric fingerprint information.
  • Demographic information, for example, your gender and/or marital status.
  • Credit bureau information, data about you held at a registered credit bureau.
  • Transactional behaviour data, data about how you interact with our products and services and the actions you perform in relation to any Capitec service or product.
  • User login data, for example, your login credentials for the Capitec Mobile App or Remote Banking Site.
  • Location information, the approximate geographic location at the time of using the Capitec App or performing a Capitec transaction.
  • Other information about you that you give us by filling in forms, surveys, competitions or by communicating with us, whether face-to-face, by telephone, email, online, live chat etc.
  • Financial information such as your bank account details.

Depending on the products and services that you require, we may also collect special personal information about you, for example:

  • Demographic information, for example, your race or ethnicity, or health-related information for insurance purposes.
  • Criminal information, for example, information about your commission or alleged commission of any criminal offence or about any related legal proceedings.
  • Personal information of children under the age of 18 (eighteen), whose information is provided to us by a legal guardian or competent person to open a bank account, as an insurance product beneficiary or part of the Financial Education programs, including Money Up Academy.

Depending on the products and services that you use, we may also collect or generate the following information about you:

  • Information about you or those you represent, their relationship with us, the channels you use and your ways of interacting with us, including the Capitec Mobile App or Remote Banking Site, as well as information concerning complaints, disputes and insurance claims.
  • Life insurance and non-life insurance information related to policy content for yourself and your beneficiaries, claims information, previous policy and claims information and information that confirms if you have passed away to enable us to pay out insurance benefits to your beneficiaries.
  • Authentication information such as your biometric information, which includes your voice for voice ID, photographic identification and biometric fingerprint information to verify you as a Capitec client.
  • Cookies, and similar technologies we use to recognise you, remember your preferences and tailor the content we provide to you. Our cookie policy available at Cookie Policy | Privacy Centre | Capitec contains more details about how we use cookies.
  • Investigation data, for example, due diligence checks, fraud, sanctions and anti-money laundering checks, external intelligence reports, content and metadata related to relevant exchanges of information between and among individuals, and organisations, including emails, voicemails and live chat.
  • Records of correspondence and other communications between us, including emails, telephone conversations, live chat, instant messages, and social media communications.
  • Information that we require to support our regulatory obligations, for example, information about transaction details, purpose of payment, counterparty/beneficiary information, identification documents, detection of any suspicious and unusual activity, and information about parties connected to you or these activities.
  • Information about the devices you use to access the Capitec Mobile App, Remote Banking Site, or Capitec Website, for example, software and Internet Protocol (“IP”) address.
  • We collect data and information (through third-party products) on your device called “Log Data” for Merchant Services and Capitec Connect products. This Log Data may include information such as your device's IP address, Device model, Device name, Device ID, operating system version, NFC functionality, the configuration of the app, the time and date of your use of this Service, and other statistical information.
  • International Mobile Equipment Identity (“IMEI”) Number to provide Capitec Connect services such as Subscriber Identification Module (“SIM”) Swap, SIM Ownership Charge, Number Churn, and Porting Services Support.
  • Credit bureau data when you become a Capitec client to provide you with Capitec products and services.
  • Employment information such as status and remuneration when you take out a credit product with us, for a retrenchment claim or Medical and other information for when we assess a lump sum disability or temporary disability claim.
  • Education, lifestyle and financial health information which you may provide to us when you partake in the Capitec MoneyUp Academy.

Our personal information core processing principles are more fully described here

If we are unable to collect your personal information, or if you request that we restrict the processing of your personal information necessary to provide the products and services you have requested, we regret that we will not be able to continue offering you our products and services.

We will only process your personal information where we have a lawful reason for doing so and on a justifiable ground. For example, where you have consented to the processing, where it’s necessary for us to comply with obligations imposed by law, where it is necessary to perform a contract with you, or where it is necessary to pursue our legitimate interests or that of a third party (as further detailed below). You can exercise your POPIA rights related to this processing at any time here.

The personal information we collect may be processed through centralised functions and systems across entities (including joint ventures and companies) in the Capitec Group. It may be used for the purposes of fraud, risk monitoring and analysis, statistical analysis and to improve, develop, price and market products or services. This will be done with the appropriate controls as set out below.

  • Entering into or performance of a contract

Clients

We need to process your personal information to carry out the obligations of our agreement with you. This includes all the processing and pre-assessment activities that are required to enable us to sign you up for one or more of our Capitec Group products or services (for example, verifying your identity, pricing all contracts, assessing and verifying claims, assessing whether you qualify for a product or service, enrolling you for electronic signatures, obtaining your credit bureau information etc.), and managing the client relationship for the duration of the agreement and as required after termination of the client relationship.

To use some of our services, we need to confirm you are in South Africa. This is due to legal and Appstore requirements. For example, we need your location to let you play Lotto on our Capitec App and to accept payments with our Merchant Device. We also use location services to monitor for fraud and risk. You might need to allow the Capitec App to access your location while using it. We will never monitor or track your location other than during your use of the Capitec App.

 

Employees

We need to process your personal information to carry out the obligations of our agreement with you as a potential or permanent Capitec Employee. We will use the personal information collected for recruitment purposes and for purposes connected with your employment. We may seek more information about you from other sources, including from public domains, career platforms, social media and/or third parties.

  • Compliance with law and regulatory compliance obligations

We may need to process your personal information to comply with specific legal obligations. We operate in a highly regulated environment of banking, insurance, financial services, credit and other goods and services, which means that there are several laws, regulations and directives that require us to perform certain processing activities (such as FICA, the Income Tax Act, the VAT Act).

This may include using your personal information to help detect or prevent crime (including terrorism financing, money laundering and other financial crimes). We will only do this on the basis that it’s needed to comply with a legal obligation or it’s in our legitimate interests and/or that of others.

We will mostly collect information directly from you but there may be instances where we may need to obtain your information from the Department of Home Affairs, the Credit Bureaus and other public sources, to:

  • Ensure that there are no deficiencies in your information.
  • Ensure that your information is kept up-to-date and correct.
  • Determine and manage financial crime risks.
  • Identify yourself and verify your source of funds or income.

We will use the most reliable source of information to update your personal information where required.

  • Legitimate interest

We process your personal information to protect your legitimate interests or when necessary to pursue our own or a third party’s legitimate interest. We have processes in place to ensure that your personal information and right to privacy remain protected at all times.  

  • Tracking or recording what you say or do

We may record your interactions with us, such as emails, phone calls, live chats, and other communications. These recordings help us to verify your instructions, improve our service, train our staff, manage risks, and prevent fraud and other crimes. We may also collect information about the devices or software you use during these interactions.

  • Product and Service Improvement and Development

We may use your personal information as a banking and insurance client to personalise existing and new products and services to benefit you. Our analysis includes data analytics, statistical or other analysis and profiling to better understand how you use our services, and to respond to any service issues you may have. You can opt out of this personal information usage at any time for direct marketing and personalised offers by changing the consent settings and communication preferences on your app or through the client care centre. Alternatively, send us a request on Processing Restriction Request | Privacy Centre | Capitec.

Opting out of direct marketing or personalised offers will only opt you out of product offer communications based on consent and not where the processing of your personal information is necessary when required by law or when required to carry out the obligations of an agreement we have with you. Where the processing of your personal information is required by law or when carrying out the obligations of an agreement, you cannot opt out of this communication.

Where you have consented to us doing so:

  • We may analyse the type of transactions you perform to provide you with personalised offers to improve existing and create new products that could benefit you. (Personalised offers)
  • We may send you our latest offers and products through electronic communication. (Direct Marketing)
  • We may send you financial educational information to assist you in improving your financial life.

These services aim to keep you informed about and offer you new products, services and benefits that help you to live better, but also to educate you about good financial behaviours based on your previous actions or needs.

  • When we have your explicit consent to further process your personal information.
  • Where the purpose of the further processing is compatible with the purposes for which your personal information was initially collected.
  • Where the personal information is available in or derived from a public record or has been deliberately made public.
  • When further processing is required by law or for legal proceedings.
  • When processing is needed to protect the public from financial loss due to dishonesty or malpractice.
  • When the processing is required for statistical purposes.

We may share your personal information with third parties.  Where we do share your personal information with third parties, we ensure that the correct due diligence is in place, such as appropriate security safeguards and confidentiality obligations. Your information may be shared with third parties in the following instances:

  • To provide you with products or services you have requested, for example, fulfilling a payment request or sharing information with third-party vendors who Capitec utilises.
  • Where Capitec has a public or legal duty to do so, for example, for credit assessments or to assist with detecting and preventing fraud, tax evasion and financial crime.
  • Where Capitec must do so in connection with regulatory reporting, litigation, governmental audit or asserting or defending legal rights and interests in compliance with legal obligations, for example if a court order or subpoena directs Capitec to share the information.
  • Where Capitec has a legitimate business reason for doing so.
  • Where Capitec is required to do so to either manage risks, verify your identity, provide you with services requested, or to assess your suitability for products and services.
  • Where Capitec has asked your permission to share the personal information, and this was consented to.

We may share your personal information with third parties for the following reasons:

Third-Party Category

Reason

Branch and Branch Support

Biometric verifications

Fraud Checks

Client Engagement

Marketing and Insights, WhatsApp support

Call monitoring

End-user message transmission

Voice of the Customer Surveys

Collaboration Tool

 

In-house Support and Operational Processes

In-house Support and Operational Processes

Employment service providers

To perform employment functions on our behalf (recruitment agents/agencies, email communications service providers and professional advisers such as lawyers, auditors and accountants, psychometric assessment service providers)

 

To verify the information given by you: national and international enquiries into your credit, criminal, qualification and employment history

Digital and Payments

Card delivery and processing

Prepaid products, QR payments, send cash, transaction history, USSD

Facilitates transactions upon purchase or interactions

Interbank Payments

EFT Errors and Pay & Clear

Fraudulent Transactions

Account monitoring and investigations

Compliance checks and auditing

Regulatory Inspections

Required data sharing as per our regulatory engagement policy

Cloud Hosting Platforms

Data Processing and Storage

Regulatory authorities, industry ombudsmen, government departments (for example, Department of Home Affairs), local and international tax authorities and other persons the law requires Capitec to share client personal information with

As determined by regulatory authorities. A description of the records of Capitec which are available and retained in accordance with other legislation, is detailed in the Addendum to the Capitec PAIA Manual. These categories of records are not exhaustive and are subject to change.

Attorneys, tracing agents, debt collectors and other persons

To assist with the enforcement of agreements

Trustees, executors, or curators appointed by a court of law

For the administration of deceased estates

Participating partners in the Bank’s Live Better rewards programme

When clients purchase goods, products and services from participating partners or spend cash back rewards

Service providers, partners, agents, and subcontractors, such as couriers and other persons Capitec uses to offer and provide financial solutions and value added services to clients

Services used to offer and provide financial products and services to clients or help with parts of our business operations, including fraud prevention, bill collection, value added services, marketing, and technology services (our contracts dictate that these goods suppliers or service providers only use your information in connection with the goods they supply or services they perform for us and not for their personal benefit)

Credit bureaus

To obtain a credit report about all Capitec clients, which includes their credit history and credit score, when the client applies for a credit agreement to prevent reckless lending or over-indebtedness. This is in order to provide Capitec products and services and to assess all our client's financial well-being in addition to fraud checks

Insurers, brokers, other financial institutions, or other organisations that assist with insurance underwriting, the providing of insurance policies and products, the assessment or verification of claims, repatriation services and other related purposes

For the provision of insurance products, the processing of insurance policies or claims (including repatriation services) and prevent any associated fraud, and to fairly assess risks that could affect future premiums.

Payment processing services providers, merchants, banks, and other persons that assist with the processing of client payment instructions, such as card scheme providers (including VISA or MasterCard)

For the processing of client payment instructions

Other divisions or companies within the Capitec Group

To provide joint content and seamless services like registration, transactions and customer support, to help detect and prevent potentially illegal acts and violations of our policies, to guide decisions about our products, services, communications and to improve existing products or to develop new products.

Live Better Partners

As part of our Live Better initiatives, we might share your personal information with our Live Better partners who will in turn provide you with services/product offerings or benefits. Our Live Better Partners can be found here

 

When clients purchase goods, products and services from participating partners or spend cash back rewards

Franchising

(Information about the Franchisee may be shared with their respective Franchisor)

For the continued performance of contractual obligations and managing franchise business relationships.

Connect Services

For the provision of the Capitec Connect service including sim management, network services, porting and ownership changes, delivery of devices, advances and recharge services.

 

Other

Other third parties who provide us with relevant services where appropriate (such as Google’s Remarketing and Analytics Demographics and Interest Reporting, Google, Samsung, Apple, Garmin, and Huawei Store).

Other

Other third parties who provide us with relevant services where appropriate (such as Google’s Remarketing and Analytics Demographics and Interest Reporting, Google Samsung, Apple, Garmin, and Huawei Store).

You can exercise your POPIA rights related to the retention of your personal information at any time here, but we may have to keep your personal information even if we no longer have a relationship with you to meet our legal requirements and for our legitimate business purposes, as set out in our information retention policy. Any retained information will be kept secure in line with our security policies. If we don’t need the information anymore, we may delete it or de-identify it.

We will take the appropriate, reasonable, technical and organisational steps to protect your personal information in line with industry best practices. This includes, for example:

  • We ensure that known threats are accounted for. We have implemented administrative, technical, personnel and physical measures to protect your personal information against loss, theft, access, and unauthorised use or changes.
  • We have implemented appropriate security controls to prevent the processing of your personal information from being accidentally or deliberately compromised. This includes physical and organisational security measures such as restricted user access, responsible information handling, malware controls, encryption or obfuscation or masking, vulnerability, and penetration testing.
  • We always use secure methods of transfer when storing or sharing your personal information.
  • Only approved Capitec employees or consultants acting on behalf of Capitec are allowed access to your personal information to perform their daily tasks for Capitec.
  • We ensure that if we do share your personal information with third parties, the necessary safeguards, written agreements, and due diligence are in place to protect your personal information

Your information may be transferred to and stored in locations outside of South Africa. When we do this, we will ensure that the third party recipient of the information is subject to adequate data protection laws to ensure that your personal information is protected at the level of protection as required in terms of South African data protection laws and that the transfer is lawful.

We will not sell your personal information. No personal information will be disclosed to anyone except as provided in this privacy notice. 

You have several rights in relation to the personal information that we hold about you. These rights include:

  • The right to request access to the information we hold about you and to obtain information about how we process it.
  • The right to withdraw your consent to our processing of your information, which you can do at any time. We may continue to process your information if we have another justifiable ground for doing so, although this may impact your ability to continue to have access to our products and services.
  • The right to request that we correct your information if it’s inaccurate or incomplete.
  • The right to request that we delete or destroy your information. However, we will retain information that is required for our lawful purposes and within the legally permissible retention period. This means that we may retain some of your information even if you requested us to delete or destroy it.
  • The right to object to, and to request that we restrict our processing of your information. There may be situations where you object to, or ask us to restrict, the processing of your information but we are entitled to lawfully continue processing your information and/or to refuse your request.
  • You can exercise your rights in our Privacy Centre by clicking on the following link: Exercise Your POPIA Rights | Privacy Centre (capitecbank.co.za)

You may submit a grievance about the processing of your personal information in relation to this privacy notice through our Privacy Centre  POPIA / Other Complaint | Privacy Centre | Capitec

You also have the right to file a complaint with the Information Regulator about an alleged contravention of the protection of your personal information. The contact details of the Information Regulator are as follows:

Visit their website

Home - Information Regulator (inforegulator.org.za)

Postal address

P.O Box 31533, Braamfontein, Johannesburg, 2017

Physical address

 

The Information Regulator (South Africa)
JD House, 27 Stiemens Street,
Braamfontein,
Johannesburg,
2001.

 

Phone number

010 023 5200

Email

PAIAComplaints@inforegulator.org.za – should your PAIA request be denied or there is no response from public or private bodies for access to records you may use this email address to complain.

POPIAComplaints@inforegulator.org.za – should you feel that your personal information has been violated, you may use this e-mail address to lodge a complaint.

If we change ownership, merge with, acquire or are acquired by, or sell assets to another entity, we may assign our rights to the personal information we process to a successor, purchaser, or separate entity. We will disclose the transfer on our website. If you are concerned about your personal information being transferred to a new owner, you may exercise your rights in our Privacy Centre by clicking on the following link: Exercise Your POPIA Rights | Privacy Centre (capitecbank.co.za)

We regularly review our practices to make sure your personal information is safe and used responsibly. Sometimes, we may need to update our data privacy policies. This may affect clauses in our contracts or terms and condition. If we do, we’ll let you know by posting a notice on our website or the Capitec App, or through another communication method. These notices will show what changes we made and when they start.

Please note that Capitec may not be able to continue a banking or insurance relationship with a client or provide clients with certain products or services if they object to or do not agree with the changes.

The latest version of this privacy notice is dated and made available on Capitec’s website. It applies to all data subject interactions with Capitec and will be accessible on Privacy Notice | Privacy Centre | Capitec.